CLOUD COMPUTING AND SECURITY OF DATA

Cloud computing presents a new model for IT services and delivery and it usually involves over-a-network, on-demand, self-service access, which is dynamically scalable and elastic, utilizing pools of often virtualized resources. Through these features, cloud computing has the potential to improve the way businesses and IT operate by offering fast start-up, flexibility, scalability and cost efficiency. Even though cloud computing provides compelling benefits and cost-effective options for IT hosting and expansion, new risks and opportunities for security exploits are introduced. Security standards, policies and controls are therefore of the essence to assist management in protecting and safeguarding systems and data. Cloud computing risks should be analyzed and understood to be able to protect environments and avoid data being exposed. The focus of this paper is analyzing current and future trends on cloud computing and mitigation for cloud computing security risks as a fundamental step towards ensuring secure cloud computing environments. It is of essence to understand the capabilities and risks of cloud computing before a decision is made to move to a cloud computing provider

Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications

Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a three-dimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need for systematic frameworks to quantify risks corresponding to security, privacy, and safety (SPS) threats. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees, and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system.Comment: Tp appear in the CCNC 2019 Conferenc

Determining Training Needs for Cloud Infrastructure Investigations using I-STRIDE

As more businesses and users adopt cloud computing services, security vulnerabilities will be increasingly found and exploited. There are many technological and political challenges where investigation of potentially criminal incidents in the cloud are concerned. Security experts, however, must still be able to acquire and analyze data in a methodical, rigorous and forensically sound manner. This work applies the STRIDE asset-based risk assessment method to cloud computing infrastructure for the purpose of identifying and assessing an organization's ability to respond to and investigate breaches in cloud computing environments. An extension to the STRIDE risk assessment model is proposed to help organizations quickly respond to incidents while ensuring acquisition and integrity of the largest amount of digital evidence possible. Further, the proposed model allows organizations to assess the needs and capacity of their incident responders before an incident occurs.Comment: 13 pages, 3 figures, 3 tables, 5th International Conference on Digital Forensics and Cyber Crime; Digital Forensics and Cyber Crime, pp. 223-236, 201

Enterprise 2.0 – Is The Market Ready?

Enterprise 2.0 family technologies have growing popularity, the cloud computing market is growing rapidly and, as a consequence, companies of all sizes start to evaluate the potential fit. The use of “Software as a Service”, “Platform as a Service” and “Infrastructure as a Service” has been evolving during the past years and has become increasingly popular. As its computing viability and benefits are legitimized, the adoption rate is rapidly increasing. The most popular business model in the abovementioned family is by far “Software as a Service” (also called SaaS), which is a software distribution model assuming the software applications are hosted and maintained by the vendor or the distributor, and user access is granted exclusively by means of the Internet. Based on both literature review and action research, the paper at hand is a synthesis for the results of an empirical study performed during the last two years among Romanian and foreign companies, in order to outline and provide an objective and unbiased answer to the question: “Is the market ready for these technologies or did they come too soon?”. The paper is a part of a larger research performed by the author in the field of Enterprise 2.0 technologies.Enterprise 2.0, Software as a Service, Platform as a Service, Infrastructure as a Service, Empirical study

A Security Pattern for Cloud service certification

Cloud computing is interesting from the economic, operational and even energy consumption perspectives but it still raises concerns regarding the security, privacy, governance and compliance of the data and software services offered through it. However, the task of verifying security properties in services running on cloud is not trivial. We notice the provision and security of a cloud service is sensitive. Because of the potential interference between the features and behavior of all the inter-dependent services in all layers of the cloud stack (as well as dynamic changes in them). Besides current cloud models do not include support for trust-focused communication between layers. We present a mechanism to implement cloud service certification process based on the usage of Trusted Computing technology, by means of its Trusted Computing Platform (TPM) implementation of its architecture. Among many security security features it is a tamper proof resistance built in device and provides a root of trust to affix our certification mechanism. We present as a security pattern the approach for service certification based on the use TPM.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tec

Cross-disciplinary lessons for the future internet

There are many societal concerns that emerge as a consequence of Future Internet (FI) research and development. A survey identified six key social and economic issues deemed most relevant to European FI projects. During a SESERV-organized workshop, experts in Future Internet technology engaged with social scientists (including economists), policy experts and other stakeholders in analyzing the socio-economic barriers and challenges that affect the Future Internet, and conversely, how the Future Internet will affect society, government, and business. The workshop aimed to bridge the gap between those who study and those who build the Internet. This chapter describes the socio-economic barriers seen by the community itself related to the Future Internet and suggests their resolution, as well as investigating how relevant the EU Digital Agenda is to Future Internet technologists